After the woes I've experienced with the DG834 I cast about looking for a replacement device. It needed to be a decent ADSL 2+ router (with built-in modem) and support site-to-site VPN tunnels - none of this VPN pass-through garbage. After looking around a bit, I found the NB8WVPN from Netcomm, which promises all sorts of things about how wonderful it is, etc. So I purchased two and set them up at one of my problem sites - both ends. Now each of these sites has an Alcatel-Lucent phone system that uses a VOIP link to put calls through to each other. Naturally this VOIP link has to go across a VPN.
With the VPN established between the two sites, I had some connectivity between them - that is, I could ping and browse the network etc but the phone systems couldn't talk to one another. The initial part of the VOIP signalling goes through, but the call itself doesn't. Remarkably frustrating I must say. After alterations to the phone systems (and I must add: the VOIP worked perfectly over the Netgear VPN) we got partial signalling through.
Eventually I put the stable Netgear back in and here's where it gets tricky. When I created the VPN between the NB8WVPN and the DG834 I had to make it quite basic. No Perfect Security or anything like that. Also, in the Advanced settings on the NB8, I had to change the settings to SHA-1 from its original setting. Once this was all done I got a VPN back up! Yay! Before I performed jumps of joy, I tested it with my trusty sidekick. He could call me (from the Netgear side) but couldn't hear me and I couldn't call him from the NB8 side. The support on this is very sketchy out there. I was surprised by how little there is about these routers out there. I eventually upgraded the firmware on the NB8 and it's nearly time to test.
The good thing out of all this is that the VPN was able to carry data like pings (ICMP), NetBIOS queries and various TCP streams like HTTP. It just doesn't seem to like the VOIP signalling. Additionally I found it very useful to disable the QoS on the Netcomms. I tested the VOIP signalling by using two Linux notebooks with extra NICs bridged and running Wireshark to see what was happening. I now need to go back to site and test it all.
Angus Beath's Blog - a jotting down of thoughts, handy to remember things and general BS about the world.
Tuesday, 23 November 2010
Netgear DG834 woes
For quite some time I've used the Netgear DG834 as my router of choice, particularly as a low end router providing easy site-to-site VPNs. These little white routers will support up to 5 VPN tunnels and have proven themselves to be quite reliable under most circumstances.
Unfortunately, I think I've discovered the circumstances that these routers do not work well under. I have two sites under my management that have had no end of trouble with these routers. Here is the situation and the symptoms:
- both sites are ADSL2
- both sites have a single VPN connection to them as the responder
- both sites have appropriate ADSL2+ capable filters and short cables etc
- both sites drop their ADSL connection (not line sync) after 13 to 16 days and then fail to reconnect.
- A restart of the device (soft or hard) and the connection will stay up for anywhere between 5 and 16 minutes - whatever the time length is, it will always die after that time e.g. if it's 10 minutes, then it will lose connection every 10 minutes.
- both lines have been tested (and charged to the end user) by the carrier and the wholesaler and no line problems have been found. There are some very mild anomalies but nothing that should cause these sorts of issues
- both routers have the latest firmware, have been reset to default and still show the same errors.